1. Field
The present invention relates generally to database management systems, and more particularly, to a system and method for managing user data in a plurality of databases.
2. Description of the Related Art
Driven by new Internet technologies, business growth requires organizations to extend their systems, applications and directories to partners, suppliers, customers and employees. This explosion in user population makes the task of managing user accounts increasingly complex. It also creates a new need for identity management—the ability to control and monitor individual user access over time.
Compounding this situation are the business realities of mergers, acquisitions and divestitures—the numbers of users are increasing and the numbers of system types are expanding. IT directors are forced to manage multiple operating systems, mail systems, network operating systems and home-grown applications distributed across various, often worldwide locations.
Individually managing multiple directories is time-consuming, costly and error-prone—especially in organizations where changes frequently occur. Keeping up with the daily maintenance can be a significant task. Ensuring overall security and integrity across the board increases the challenge.
To meet these challenges, administrative security systems have been developed to provide user account management across multiple, geographically dispersed security systems and directories. An example of one such system is eTrust™ Admin commercially available from Computer Associates International, Inc. of New York, the assignee of the present application. These systems enable the creation, modification and removal of users across multiple, heterogeneous environments. The single administrative security system allows administrators to centrally define and manage security policies across an enterprise by automating the provisioning of user accounts on a variety of IT systems and ERP (Enterprise Resource Planning) applications, for example, using a role-based approach. That is, role-based user provisioning enables the administrators to automatically provide users with a set of userids based on their business functions and ensures consistent user access policies are applied across a wide range of system types and directories.
With the advances in centralizing the administration of user accounts, there remains a need for techniques for extracting data from directories and ERP applications to populate the administrative security systems without manually reentering the existing data.